Comprehensive Bypass Testing of Web Sites


Modern web-based systems are becoming increasingly complex. These systems rely heavily on client-side technologies for both data input and display. Client-side technologies such as web browsers, plug-ins and scripting languages are often used not only to provide users with an interactive environment but also to verify inputs. Web-based systems that use client-side input verification as their only source of input validation are at high risk of malicious attack, because the input verification process can be circumvented. Because client-side data verification leaves web-based systems open to a plethora of malicious attacks, web-based systems require testing strategies and tools that can expose these types of vulnerabilities. HTTPUnit, an open-source software product that can mimic the interactions between the client and server of a web-based system, can be adapted to test web-based systems for robustness under unexpected or malicious inputs. The presentation will discuss the use of HTTPUnit to assess whether a web-based system's reliance upon client-side input verification is of acceptable risk to the system.
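The idea of a bypass test, as an added example that is not taken from the presentation and does not use HTTPUnit: the Python standard library stands in for the test client. The sample form, the order handler and all function names are hypothetical and constructed for illustration. The harness reads the rules a browser would enforce for a form, submits requests that break each rule directly to the server code, and reports every request the server accepted.

```python
import io
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode

# Constructed sample form: every rule in it is enforced only by the browser.
FORM = ('<form method="post" action="/order"><input name="qty" maxlength="2">'
        '<select name="size"><option value="S"><option value="M"></select></form>')

class Constraints(HTMLParser):  # collects the rules a browser would enforce
    def __init__(self, html):
        super().__init__()
        self.maxlen, self.options, self._sel = {}, {}, None
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and "maxlength" in a:
            self.maxlen[a["name"]] = int(a["maxlength"])
        elif tag == "select":
            self._sel = self.options.setdefault(a["name"], [])
        elif tag == "option" and self._sel is not None:
            self._sel.append(a["value"])

def bypass_cases(c):  # (label, fields) pairs the form never lets a browser send
    valid = {**{n: "1" for n in c.maxlen}, **{n: o[0] for n, o in c.options.items()}}
    for name, limit in c.maxlen.items():
        yield f"{name} over maxlength", {**valid, name: "9" * (limit + 1)}
    for name in c.options:
        yield f"{name} not in option list", {**valid, name: "__unlisted__"}
    for name in valid:
        yield f"{name} omitted", {k: v for k, v in valid.items() if k != name}

def make_app(validate):  # hypothetical WSGI handler; validate=False trusts the browser
    def app(environ, start_response):
        raw = environ["wsgi.input"].read(int(environ["CONTENT_LENGTH"])).decode()
        f = {k: v[0] for k, v in parse_qs(raw).items()}
        ok = not validate or (f.get("qty", "").isdigit() and len(f["qty"]) <= 2
                              and f.get("size") in ("S", "M"))
        start_response("200 OK" if ok else "400 Bad Request", [])
        return [b"accepted" if ok else b"rejected"]
    return app

def status_of(app, fields):  # submit fields directly, with no browser in between
    body, seen = urlencode(fields).encode(), []
    app({"CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)},
        lambda status, headers: seen.append(status))
    return seen[0]

def accepted_bypasses(app):  # labels of bypass cases the server accepted (findings)
    cases = bypass_cases(Constraints(FORM))
    return [label for label, f in cases if status_of(app, f).startswith("200")]
```

An empty result from `accepted_bypasses` means the server repeats every check the form makes; each label it returns names a rule that exists only on the client.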

The following presentation provides a greater introduction to this work: Testing the Security of Web-Based Applications